privacy for dns queries oblivious dns: practical · 2019. 7. 22. · encryption/decryption is...
TRANSCRIPT
Oblivious DNS: Practical Privacy for DNS Queries
Paul Schmitt (Princeton)Anne Edmundson (Princeton)Allison Mankin (Salesforce)Nick Feamster (Princeton)
Recursive DNS Server TLD Server
Authoritative Server
Client
Root Server
Conventional DNS
1
2
3
4
www.foo.com?
● Client identity and query are viewable at and prior to the recursive (ISP) server
● DNS operators can be targets of data requests Recursive DNS
ServerTLD Server
Authoritative Server
Client
Root Server
Conventional DNS
1
2
3
4
www.google.comwww.amazon.com
www.bing.com
Recursive DNS Server
TLD Server
Authoritative Server
Client
Root Server
Conventional DNS
1
2
3
4
● Services now offer open DNS resolvers with promise of deleting logs
● Shifts trust to these providers
● Other techniques do not fully protect user privacy:○ DNS-over-TLS○ DNS-over-HTTPS○ QNAME minimization
www.google.comwww.amazon.com
www.bing.com
Oblivious DNS
Goal:
● Separate user identity from query
Requirements:
● Compatible with existing infrastructure
● Minimize overhead
Recursive DNS Server
Clients ODNS Stub
ODNS Authoritative
Server
TLD Server
Root Server
1
2
3
4
Stub encrypts & formats domain with a session key
User queries NOT visible at recursive server
Oblivious DNS
Goal:
● Separate user identity from query
Requirements:
● Compatible with existing infrastructure
● Minimize overhead
Recursive DNS Server
Clients ODNS Stub
ODNS Authoritative
Server
TLD Server
Authoritative Server
Root Server
TLD Server
Root Server
1
2
3
4
5
6
7
Stub encrypts & formats domain with a session key
ODNS authoritative acts as a recursive resolver
User queries NOT visible at recursive server
User identities NOT visible at ODNS Authoritative server
ODNS Crypto Overhead
● Roughly ~1-2 ms for crypto operations using standard libraries
● Symmetric encryption/decryption is lightweight
ODNS Crypto Overhead
● Roughly ~1-2 ms for crypto operations using standard libraries
● Symmetric encryption/decryption is lightweight
ODNS WAN Latency
● Latency to ODNS Resolver added to each query
● Widespread anycast deployment to mitigate WAN latency
Key Distribution
● Anycast for scalability
● Special query reaches the nearest anycast server
● Server responds with public key and name
ODNS Overhead: Page Load Time
ODNS Overhead: Page Load Time
Different CDNs / javascript resources
ODNS Overhead: Page Load Time
How is ODNS better in some cases?
ODNS Overhead: Page TTFB
ODNS Overhead: Page TTFB
Directed to CDNs that are closer
Impact on Recursive Cache
● Simulated with trace of ~8M queries
● If caching at stub, ODNS reduces traffic burden on the recursive resolver
Impact on Cache (2)
● Undesirable cache entries?
● Some resolvers ignore TTL = zero
● “Bad” == ODNS entry causing non-ODNS to be ejected
Discussion
● Challenges:○ EDNS0 Client Subnet ○ QNAME length○ 0x20 bit encoding
● Policy-based routing
Thank you
Paul [email protected]
Backup slides
Why Not Tor?
● Latency (median)○ ODNS: 31.31 ms○ Tor: 276.76 ms
● Censorship concerns
● Exit node can be associated with traffic
Protocol
● Stub encrypts query with session key and session key with resolver public key
● Stub appends resolver name to encrypted query
● ODNS resolver decrypts session key with private key, query with session key, and encrypts response
QNAME Length
● QNAME = 4 sets of 63 bytes
● base64 encoding○ 0x20 bit
encoding issue
EDNS0 Client Subnet
● Must avoid some recursive resolvers